delorie.com/djgpp/bugs/show.cgi   search  
Bug 000089

When Created: 06/13/1996 09:18:01
Against DJGPP version: 2.00
By whom: eliz@is.elta.co.il
Abstract: Writing to stdprn crashes under CWSDPMI
A program that tries to fprintf to `stdprn' will crash under CWSDPMI.
It is easier to see this when the printer is OFF, but it also happens
when the printer is ON.

The reason is that `_flsbuf' doesn't allocate a buffer for a stream
that is line-buffered, and therefore dereferences a null pointer
when `stdprn' (which is line-buffered) is first used by a buffered
I/O function.

Solution added: 06/13/1996 09:23:14
By whom: eliz@is.elta.co.il
Apply the following patches:

*** src/libc/ansi/stdio/flsbuf.c~0      Fri Jun 16 08:59:52 1995
--- src/libc/ansi/stdio/flsbuf.c        Thu Jun 13 10:34:00 1996
*************** _flsbuf(int c, FILE *f)
*** 24,30 ****
    if ((f->_flag&_IOWRT)==0)
      return EOF;

!  tryagain:
    if (f->_flag&_IOLBF)
    {
      base = f->_base;
--- 24,54 ----
    if ((f->_flag&_IOWRT)==0)
      return EOF;

!   if ((base = f->_base) == NULL && (f->_flag & _IONBF) == 0)
!   {
!     size = _go32_info_block.size_of_transfer_buffer;
!     if ((f->_base = base = malloc (size)) == NULL)
!     {
!       f->_flag |= _IONBF;
!       f->_flag &= ~(_IOLBF | _IOFBF);
!     }
!     else
!     {
!       f->_flag |= _IOMYBUF;
!       f->_bufsiz = size;
!       if (f == stdout && isatty (fileno (stdout)))
!       {
!       f->_flag |= _IOLBF;
!       f->_flag &= ~(_IONBF | _IOFBF);
!       }
!       else
!       rn = n = 0;
!
!       f->_ptr = base;
!       f->_cnt = f->_bufsiz;
!     }
!   }
!
    if (f->_flag&_IOLBF)
    {
      base = f->_base;
*************** _flsbuf(int c, FILE *f)
*** 51,76 ****
      }
      else
      {
!       if ((base=f->_base)==NULL)
!       {
!       size = _go32_info_block.size_of_transfer_buffer;
!       if ((f->_base=base=malloc(size)) == NULL)
!       {
!         f->_flag |= _IONBF;
!         goto tryagain;
!       }
!       f->_flag |= _IOMYBUF;
!       f->_bufsiz = size;
!       if (f==stdout && isatty(fileno(stdout)))
!       {
!         f->_flag |= _IOLBF;
!         f->_ptr = base;
!         goto tryagain;
!       }
!       rn = n = 0;
!       }
!       else
!       rn = f->_ptr - base;
        f->_ptr = base;
        f->_cnt = f->_bufsiz;
      }
--- 75,81 ----
      }
      else
      {
!       rn = f->_ptr - base;
        f->_ptr = base;
        f->_cnt = f->_bufsiz;
      }
*** src/libc/ansi/stdio/filbuf.c~0      Fri Jun 23 09:49:38 1995
--- src/libc/ansi/stdio/filbuf.c        Thu Jun 13 10:36:16 1996
*************** _filbuf(FILE *f)
*** 30,35 ****
--- 30,36 ----
      size = _go32_info_block.size_of_transfer_buffer;
      if ((f->_base = malloc(size)) == NULL) {
        f->_flag |= _IONBF;
+       f->_flag &= ~(_IOFBF|_IOLBF);
        goto tryagain;
      }
      f->_flag |= _IOMYBUF;

Fixed in version 2.01 on 07/26/1996 00:22:33
By whom: dj@delorie.com



  webmaster     delorie software   privacy  
  Copyright © 2010   by DJ Delorie     Updated Jul 2010